Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e3134362e3233322e302f32312d3332203d3e203430303231.roa
File:                     36322e3134362e3233322e302f32312d3332203d3e203430303231.roa (raw, json)
Hash identifier:          98BCtISvjhszsPOwgks2CxCICOIEvynXSBWRa1UqPQ4=
Subject key identifier:   27:70:3A:75:E2:98:58:FE:DF:1C:A7:CD:E9:EA:BE:5C:74:FF:FE:5A
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       7AAF66CAAB524C79DA2CE380B2278845ADD45E14
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e3134362e3233322e302f32312d3332203d3e203430303231.roa
Signing time:             Tue 19 Mar 2024 10:03:14 +0000
ROA not before:           Tue 19 Mar 2024 09:58:14 +0000
ROA not after:            Tue 18 Mar 2025 10:03:14 +0000
asID:                     40021
IP address blocks:        62.146.232.0/21 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7a:af:66:ca:ab:52:4c:79:da:2c:e3:80:b2:27:88:45:ad:d4:5e:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Mar 19 09:58:14 2024 GMT
            Not After : Mar 18 10:03:14 2025 GMT
        Subject: CN=27703A75E29858FEDF1CA7CDE9EABE5C74FFFE5A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:77:5f:d3:2a:5b:55:40:c6:da:b0:4f:2d:ca:
                    38:89:65:69:90:84:8b:3e:ff:34:e5:c3:28:fe:a4:
                    e4:9e:61:5a:a7:92:5f:6e:1b:63:dc:bf:29:89:53:
                    4b:4c:f2:41:de:91:5d:b1:7c:15:2d:84:30:d6:fb:
                    13:4f:10:c8:dd:5b:d3:be:23:cc:23:dd:94:27:f2:
                    4b:32:03:39:ba:7b:1a:a6:c1:cc:cd:c5:41:2d:05:
                    d4:29:23:3e:a1:89:ae:b7:3b:f1:98:72:0c:9c:ee:
                    80:95:90:be:f3:d7:a7:07:67:c9:d5:6a:5b:06:6d:
                    02:13:16:af:f5:dd:6d:d0:ef:9f:e3:33:b4:25:c1:
                    f9:54:07:1e:c8:b4:0c:b4:b9:22:51:3f:bd:c6:b5:
                    35:ad:ec:50:25:7b:87:90:26:58:df:b1:cc:f3:a7:
                    2d:95:2e:28:d7:47:bd:18:e0:a2:9f:5d:70:4e:fc:
                    ce:6a:0f:93:fa:9d:d5:c7:d3:1c:50:3d:79:fb:df:
                    da:81:a8:5b:0f:b5:20:09:2a:4b:52:3a:cc:78:17:
                    8d:ab:22:88:83:82:fc:04:8f:98:a3:9d:d4:4a:52:
                    a0:2e:5d:63:a4:79:4e:02:b7:2d:8e:30:d0:85:cd:
                    cb:62:4b:d8:e6:0f:10:17:05:f0:f7:85:d0:94:f4:
                    29:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:70:3A:75:E2:98:58:FE:DF:1C:A7:CD:E9:EA:BE:5C:74:FF:FE:5A
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e3134362e3233322e302f32312d3332203d3e203430303231.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.146.232.0/21

    Signature Algorithm: sha256WithRSAEncryption
         80:0f:75:df:cb:51:7d:12:13:83:06:a3:f6:c1:c3:11:1b:cc:
         25:80:28:e3:68:85:9c:90:5d:d3:fc:e1:45:0a:ce:45:58:84:
         8d:96:c7:94:ce:27:0c:3a:f3:74:08:79:d6:c5:f0:a0:e0:71:
         04:b3:57:96:65:0e:fd:e0:d9:40:8d:9f:b3:1c:d8:51:d8:39:
         a2:ac:eb:8c:7b:a1:44:d9:54:06:20:95:64:b2:57:05:38:d7:
         68:18:fa:13:3e:84:d9:9b:a8:1a:30:34:5e:ab:7b:40:c2:c8:
         06:f8:3d:cf:09:e7:a7:a8:50:7d:33:2b:4c:15:c6:75:ed:e3:
         bf:33:e1:ac:22:6e:95:55:25:33:29:be:c9:98:38:c4:aa:f7:
         1a:81:ee:d7:5d:f7:fc:14:e0:32:02:9a:80:fc:e7:b8:76:c3:
         c9:cd:50:d9:af:70:21:ec:e0:6b:6a:9c:5c:95:27:9c:97:6a:
         5c:1f:5d:fc:68:1e:b6:ab:5c:c1:81:5f:cd:c8:1c:d2:5f:cd:
         0e:66:ac:13:1b:e9:67:fa:df:d6:a1:48:63:6f:66:a5:2b:c3:
         fe:cc:48:6a:03:4b:3b:f5:61:e4:ba:2f:6b:32:dd:9f:d2:61:
         37:4a:e1:19:9a:4c:9f:86:a8:88:b2:2f:71:3b:ac:22:e3:2c:
         d7:41:c5:a4
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUeq9myqtSTHnaLOOAsieIRa3UXhQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDAzMTkwOTU4MTRaFw0yNTAzMTgxMDAzMTRaMDMxMTAvBgNV
BAMTKDI3NzAzQTc1RTI5ODU4RkVERjFDQTdDREU5RUFCRTVDNzRGRkZFNUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDkd1/TKltVQMbasE8tyjiJZWmQ
hIs+/zTlwyj+pOSeYVqnkl9uG2PcvymJU0tM8kHekV2xfBUthDDW+xNPEMjdW9O+
I8wj3ZQn8ksyAzm6exqmwczNxUEtBdQpIz6hia63O/GYcgyc7oCVkL7z16cHZ8nV
alsGbQITFq/13W3Q75/jM7QlwflUBx7ItAy0uSJRP73GtTWt7FAle4eQJljfsczz
py2VLijXR70Y4KKfXXBO/M5qD5P6ndXH0xxQPXn739qBqFsPtSAJKktSOsx4F42r
IoiDgvwEj5ijndRKUqAuXWOkeU4Cty2OMNCFzctiS9jmDxAXBfD3hdCU9CkXAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUJ3A6deKYWP7fHKfN6eq+XHT//lowHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzYzMjJlMzEzNDM2MmUzMjMz
MzIyZTMwMmYzMjMxMmQzMzMyMjAzZDNlMjAzNDMwMzAzMjMxLnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQD
PpLoMA0GCSqGSIb3DQEBCwUAA4IBAQCAD3Xfy1F9EhODBqP2wcMRG8wlgCjjaIWc
kF3T/OFFCs5FWISNlseUzicMOvN0CHnWxfCg4HEEs1eWZQ794NlAjZ+zHNhR2Dmi
rOuMe6FE2VQGIJVkslcFONdoGPoTPoTZm6gaMDReq3tAwsgG+D3PCeenqFB9MytM
FcZ17eO/M+GsIm6VVSUzKb7JmDjEqvcage7XXff8FOAyApqA/Oe4dsPJzVDZr3Ah
7OBrapxclSecl2pcH138aB62q1zBgV/NyBzSX80OZqwTG+ln+t/WoUhjb2alK8P+
zEhqA0s79WHkui9rMt2f0mE3SuEZmkyfhqiIsi9xO6wi4yzXQcWk
-----END CERTIFICATE-----
Generated at Fri Nov 22 10:15:48 2024 by rpki-client on console-ams.rpki-client.org